Connect with us

Hi, what are you looking for?


Management & Strategy

Shifting Boundaries Require a New Approach to Data Center Protection

Trends Including Virtualization, Bring-Your-Own-Device and Cloud Computing are Making Data Center Security Increasingly Complex.

Trends Including Virtualization, Bring-Your-Own-Device and Cloud Computing are Making Data Center Security Increasingly Complex.

As an IT security administrator in today’s world it’s easy to feel as if you’re losing control over your domain. Trends such as virtualization, bring-your-own-device (BYOD) and cloud computing remove the traditional boundaries that have defined what you need to protect. The comfort of the four walls of the enterprise no longer exists and protecting what’s at the core – the data center – is becoming increasingly complex. Let’s take a closer look at these trends and the threats they can present to the data center.

Data CenterVirtualization: While virtualization promises a host of benefits including reduced operating costs, increased flexibility and energy savings, organizations are only realizing partial benefits due to security concerns. To minimize risk, many organizations have taken a ‘siloed’ approach to deployment where each business application or functional area gets their ‘own’ virtualized environment. However, expansion beyond compartmentalized server virtualization into areas like cross-functional applications – even those that access sensitive data – is on the horizon. A “2011 Virtualization and Evolution to the Cloud Survey” conducted by Applied Research shows growth in 2012 beginning with Web, database and email applications followed by business-critical applications like HR, accounting and ERP. To support this broader adoption and enable organizations to more fully realize the benefits of virtualization, protections and controls similar to those in the physical server world are key.

BYOD: The trend of bringing personal devices, such as smartphones and tablets, to work shows no sign of abating and the impact on the data center is significant. The “2011 Consumerization of IT Study” conducted by IDC found that 40% of IT decision makers say that workers access corporate information from employee-owned devices, but in stark contrast more than 80% of employees indicated they access corporate networks this way. To protect their corporate assets organizations need to close this gap with appropriate security controls, policies and processes.

Cloud computing: For cost-savings and operational efficiencies a large majority of organizations are now moving at least some business activities to the cloud. According to Gartner’s Worldwide Forecast, 2010-2015, Software as a Service (SaaS) is projected to reach $21.3 billion by the end of 2015. With so many applications migrating to the cloud, IT organizations have a lot less control over application usage and versions and a greater potential for vulnerabilities.

Despite these trends and the shifting boundaries they create, you can still exert control—you just need to do so at different levels and in different ways. Following are some guidelines you can use to maintain defenses.

Network layer: Identify technologies that provide deep network visibility and enable you to see all of the devices connected to your network, including such things as mobile devices, network infrastructure, virtual machines and client-side operating system/browser versions. With visibility comes control. Being able to see and understand the risks and vulnerabilities allows you to put policies in place to protect corporate assets.

Application layer: Visibility into applications running both inside the organization and outside from the cloud provides deeper understanding into which applications the business is using, what individuals are using and what is being accessed through a SaaS model. With this knowledge you can understand potential threats to the data center and institute policies to put controls in place that reduce the attack surface. For example, you may find that half of the applications aren’t business related and you can prevent their use. The same is true of applications on employee-owned devices. While you may not be able to limit the installation of an application on the device, you can prevent it from accessing corporate-owned computers or data.

Advertisement. Scroll to continue reading.

Virtualization: Consider solutions that provide threat visibility between virtual machines (VMs) on the same host and the ability to inspect/protect virtual networks. As organizations take greater advantage of the benefits of virtualization, for example through Virtual Desktop Infrastructure (VDI), application virtualization and support for the dynamic data center, eliminating blind spots and enabling the same level of protection as in the physical world are critical.

Enterprise class management: Centralized security management is extremely difficult to achieve in highly distributed environments. Most vendors offer disparate security solutions for each technology area (mobile, cloud, and virtual) with disparate management systems. Identify solutions that can provide visibility across the entire spectrum of devices and applications and also consolidate management and streamline security policies of physical and virtual infrastructure.

Virtualization, BYOD and cloud computing are here to stay—the efficiencies are too great to ignore. Although you may feel like you’re losing control of the data center as boundaries shift, there’s no reason for that to happen. Technologies that help you see beyond the walls enable you to evolve your security practices in lock step with these trends and maintain control.

Written By

Marc Solomon is Chief Marketing Officer at ThreatQuotient. He has a strong track record driving growth and building teams for fast growing security companies, resulting in several successful liquidity events. Prior to ThreatQuotient he served as VP of Security Marketing for Cisco following its $2.7 billion acquisition of Sourcefire. While at Sourcefire, Marc served as CMO and SVP of Products. He has also held leadership positions at Fiberlink MaaS360 (acquired by IBM), McAfee (acquired by Intel), Everdream (acquired by Dell), Deloitte Consulting and HP. Marc also serves as an Advisor to a number of technology companies, including Valtix.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...